Application telemetry

Forge instruments application services so operators can see what the software is doing — not only whether containers are running, but whether login, document processing, notifications, and data access are succeeding at acceptable rates.

This guide explains the application telemetry Forge emits: metrics, traces, and structured logs. It complements Infrastructure monitoring, which covers CloudWatch dashboards and alarms, and Observability architecture, which explains how the operational concerns fit together.

What problem this solves

Running services on ECS without application-level telemetry leaves blind spots:

  1. Health checks say “up” but users see errors — the process is alive while business operations fail.
  2. Capacity planning is guesswork — CPU alone does not reveal hot endpoints or dependency slowdowns.
  3. Abuse and overload are hard to detect early — rate-limit and error spikes need dedicated signals.

Forge records metrics at the HTTP layer, on domain operations, on data access, on circuit breakers, and on rate limiting so operators can build meaningful dashboards and alarms.

Architectural overview

  Quarkus service (ECS Fargate)
        │
        ├─ HTTP requests (latency, status codes)
        ├─ Domain operations (login, register, document parse, …)
        ├─ Data access (database, object store)
        ├─ Circuit breakers (open / reject counts)
        └─ Rate limiting (requests, violations, utilization)
                │
                ├─ Metrics ──► AMP (TEST / PROD)  ──► AMG dashboards
                ├─ Traces  ──► X-Ray (TEST / PROD) ──► AMG trace views
                └─ Logs    ──► CloudWatch Logs

  Platform infrastructure (ALB, RDS, WAF, …)
        │
        └─ CloudWatch metrics + SNS alarms

Each service is instrumented with Micrometer and OpenTelemetry. In deployed TEST and PROD environments, metrics and traces export in-process from the application task.

What is measured

LayerTypical signalsWhy it matters
HTTPRequest counts, latency, status codesEnd-user experience and error rates
Domain operationsSuccess/failure per business actionDetect failing login, registration, or document flows
Data accessQuery timing, pool usageCatch database or storage pressure early
Circuit breakersOpen state, rejectionsSpot dependency outages before user-visible cascades
Rate limitingRequests, violations, utilizationAbuse detection and fair-use enforcement

Metrics are consistent across services so dashboards can compare behaviour between auth, actor, document, notification, and audit workloads.

Environments

EnvironmentApplication metricsTracesDashboards
Local devPrometheus (Compose)JaegerGrafana (Compose)
INTExporters offExporters offNot deployed
TEST / PRODAmazon Managed PrometheusAWS X-RayAmazon Managed Grafana

INT deliberately does not deploy the managed observability stack or enable exporters — integration testing does not require production observability infrastructure.

Infrastructure alarms (load balancers, databases, WAF, and similar) use CloudWatch and SNS, independent of AMP. See Infrastructure monitoring.

Security and access

  • Metrics endpoints are not protected by user JWT in the default configuration — they are intended for infrastructure scraping, not browser access.
  • In deployed environments, tasks run in private subnets. Only load balancers and explicitly allowed network paths should reach application ports.
  • Protecting scrape targets (security groups, internal-only access) is an operator responsibility.

Edge WAF rules do not replace network-level protection of metrics endpoints.

Operator expectations

TopicExpectation
DashboardsUse HTTP + domain + dependency metrics together; health alone is insufficient
AlertingRate-limit violations, circuit breaker opens, and elevated 5xx rates are strong alarm candidates
TracesCross-service flows visible in X-Ray via AMG; correlate logs by trace ID in CloudWatch Logs
CapacityCombine metrics with load testing envelopes documented under Performance

Further reading


Did this page help you?